Basic beginner testing/home lab setup

[jamesdeluk]

Are there any "complete" guides to setting up SO for a simple testing/home lab environment?

My plan is to have three VMs (Virtualbox) on my host, all bridged (so same network).

1. SO (latest)
2. Windows/Linux victim
3. Kali attacker
   Kali will attack the victim in various ways (e.g. Atomic Red Team) and I'll play with SO to see different alerts and track the attacks etc.

I installed SO as per instructions (inc. second adapter promiscuous internal), and it's up and running (everything is OK with so-status), but the SOC is not seeing any network traffic. Kibana only has the SO machine (for host, and searching by IP). so-allow has my home network, and during the setup I included my home network. I installed the Analyst VM but Wireshark says there are no interfaces (although there are enp0s3 and enp0s8), but I can connect to the internet.

I'm pretty new to this so sorry if I'm being stupid; I've looked through the docs but I thought by default it should at least see the rest of the traffic. If I am just being stupid, please feel free to simply post a link explaining what I need to do and say "read this you idiot" 😃

Also, for some reason, in the Analyst VM, my password doesn't work for the pop-up Administrator box, although if I go through Terminal it does. Does the Administrator have a different default password? I searched the docs but it doesn't say.

Thanks! Once I get this all working I might make an home-lab setup video myself for other newbies like myself.

[TOoSmOotH]

Start here:
https://www.youtube.com/playlist?list=PLljFlTO9rB155aYBjHw2InKkSMLuhWpxH

[jamesdeluk]

Thanks @TOoSmOotH, those are really good videos! Although they don't really explain how to actually log/monitor the traffic - the first bit is the setup (which I did correctly, it seems), and the second is using the tools to analyse the traffic (in this case, the test traffic).

Am I missing something?